Iberia Confirms Major Customer Data Breach, Activates Security Protocols

The Spanish airline Iberia has confirmed a serious security breach affecting customer personal data after detecting unauthorized access to the systems of one of its technology providers. The incident, reported to users in recent hours, adds to a wave of recent cyberattacks targeting large international companies, placing cybersecurity back at the forefront of the aviation and travel industry.

According to Iberia, the information potentially compromised includes full names, email addresses, and Iberia Plus program ID numbers. The airline emphasized that passwords, usernames, and full banking information were not affected, meaning there is no direct risk of financial fraud for customers.

Upon discovering the breach, Iberia immediately activated its internal security protocol, strengthening verification controls for email changes, intensifying monitoring for suspicious activity, and reviewing system access. The company has also notified the relevant data protection authority in compliance with European and national privacy regulations.

Iberia has advised customers to remain vigilant against phishing attempts, particularly emails or messages appearing to come from Iberia that request personal information or login credentials. The airline stressed that it does not request sensitive data through unsecured communications.

This breach comes at a sensitive time for Iberia, following the recent decision to temporarily suspend all flights to Venezuela due to a FAA advisory highlighting deteriorating aviation safety and increased military activity in the region.

With over 31.7 million passengers transported in the past year, Iberia now faces the challenge of restoring customer trust, as data protection, digital security, and technological resilience have become strategic pillars for the global airline industry.